GB2472814A - Authentication and activation of a switchgear device - Google Patents
Authentication and activation of a switchgear device
- Publication number
- GB2472814A
- Authority
- GB
- United Kingdom
- Prior art keywords
- fixture
- meta
- public network
- memory
- authentication server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
-
- H—ELECTRICITY
- H01—ELECTRIC ELEMENTS
- H01H—ELECTRIC SWITCHES; RELAYS; SELECTORS; EMERGENCY PROTECTIVE DEVICES
- H01H71/00—Details of the protective switches or relays covered by groups H01H73/00 - H01H83/00
- H01H71/74—Means for adjusting the conditions under which the device will function to provide protection
-
- H—ELECTRICITY
- H02—GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER
- H02H—EMERGENCY PROTECTIVE CIRCUIT ARRANGEMENTS
- H02H3/00—Emergency protective circuit arrangements for automatic disconnection directly responsive to an undesired change from normal electric working condition with or without subsequent reconnection ; integrated protection
- H02H3/006—Calibration or setting of parameters
-
- H02J13/0079—
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2129—Authenticate client device independently of the user
-
- H—ELECTRICITY
- H01—ELECTRIC ELEMENTS
- H01H—ELECTRIC SWITCHES; RELAYS; SELECTORS; EMERGENCY PROTECTIVE DEVICES
- H01H2300/00—Orthogonal indexing scheme relating to electric switches, relays, selectors or emergency protective devices covered by H01H
- H01H2300/03—Application domotique, e.g. for house automation, bus connected switches, sensors, loads or intelligent wiring
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02B—CLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO BUILDINGS, e.g. HOUSING, HOUSE APPLIANCES OR RELATED END-USER APPLICATIONS
- Y02B90/00—Enabling technologies or technologies with a potential or indirect contribution to GHG emissions mitigation
- Y02B90/20—Smart grids as enabling technology in buildings sector
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S20/00—Management or operation of end-user stationary applications or the last stages of power distribution; Controlling, monitoring or operating thereof
- Y04S20/14—Protecting elements, switches, relays or circuit breakers
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/12—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them characterised by data transport means between the monitoring, controlling or managing units and monitored, controlled or operated electrical equipment
- Y04S40/128—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them characterised by data transport means between the monitoring, controlling or managing units and monitored, controlled or operated electrical equipment involving the use of Internet protocol
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
A switchgear device 100 comprising an indicator or processor 101 having a non-volatile memory 102 which cannot be directly accessed from outside the device is remotely activated via an external fixture 108. Identification data such as the device serial number is transacted with a remote authentication server 110, which validates the identity of the device and transmits a meta number to the device. The device decodes the meta number and activates the switchgear device if it is found to be valid, possibly by comparison with a unique number stored in the device memory. Communication between the device 100 and the fixture 108 may be by a low rate asynchronous communication bus transmitting data in short packets, and may include decryption devices 103, 106 and communication interfaces 104, 105 using a TCP/IP transmission protocol and galvanic isolation. Communication with the remote server (fig 3, 110) can include encryption (fig 3, 114, 115) to encrypt the meta number before transmission and can be over a public network such as the internet. A switchgear device can be activated from a dormant to a functional state at installation or at the point of purchase, allowing genuine parts to be identified from counterfeit parts.
Description
Title: Activation and anti-counterfeiting function
Background to the invention
A large number of switchgear devices are copied, mainly because of their relative mechanical and electronic simplicity. In the vast majority of cases the external appearance of most copies compares with a genuine product whilst their interior construction is somewhat different from the genuine design, resulting usually in a much reduced performance and in some cases dangerous behaviour.
A number of solutions exist to identify counterfeit products, for example serial numbers, holograms etc., and while these do allow manufacturers to trace product and identify how counterfeit products are entering the distribution channels, there is no real method to distinguish between a genuine product and a copy at the point of sale.
The purpose of this invention is to disclose a method of product activation either at the end customer's installation or at the point of purchase, thereby allowing end users and installers to clearly identify genuine parts from counterfeit ones. Additionally, this method allows manufacturers to offer greater support to end users and installers.
Description
The route from a switchgear manufacturer to the end customer is typically via national distribution networks through wholesalers and onto installers. This channel does not have a feedback path from the installers to the manufacturers to confirm the product they are using is genuine.
Typically the end user / installer is asked to complete a warranty card or similar registration form; this rarely happens. All that the end customer is concerned with is that the product appears to be functioning correctly.
The method described relies on switchgear devices being locally activated either at the point of use or at the point of sale. Activation can mean either that the device is switched from a dormant state, where none or part of the device is functioning, to a condition where it is fully functional, or to a state where the device indicates that it has been validated with the manufacturer.
The method of activation uses a transaction process that transmits a secure code between the manufacturer and the device. This method consists of four parts: a serial number, a unique device number, a meta number and an encryption key.
At the point of activation the device is attached to an activation fixture which reads the serial number from the device. This number, along with customer information, is then transmitted to an authentication server which generates the meta number using the encryption key. This number is transmitted to the device attached to the fixture.
The device then decrypts the meta number using the key embedded in the device and then either indicates the product is genuine or enables the functionality of the device if the decoded meta number is found to be a match to the unique device number.
The unique number is a randomly generated number, typically 16 digits in length, and is different from the serial number allocated to the device at manufacture. This device number, along with the serial number and activation key, is programmed into the device at manufacture in one time programmable memory. Both the encryption key and the unique device number are protected from being read out of the memory and therefore from being copied.
Figure 1 illustrates the process flow during the activation sequence.
The second part decryption method used could be a widely available variety, for example AES, or a proprietary version unique to a specific manufacturer.
Implementation of the one time programmable memory may be as part of the overall memory in a microprocessor or similar used to control the device or as a stand alone memory.
The first part decryption algorithm may be implemented as firmware code executed on a microprocessor based device or implemented as an integrated circuit or as a hardware description programmed in to a gate array.
The authentication server has access to the manufacturer's serial number database, which incorporates both the serial number of the device manufactured and the random 16 digit device number.
When the server receives the authentication request it looks up the supplied serial number in the database and then reads the device number. This device number is then used to generate the authentication code which is transmitted to the device requiring authentication. Encryption of the device number is in multiple stages: the first part is to generate a meta number which represents the device number; this meta number is then encoded again for transmission to the device fixture. The object of this double encoding method is to prevent the device number being transmitted directly to the device, as this encoded number may be compromised. The second part of the encoding is typically used to secure data being transmitted over public networks.
The fixture may incorporate a decoding device to remove the second part encoding; however, the first part decoding will always be performed within the device.
The encoding and decoding algorithms of the first part may share a common mathematical function.
Description of diagrams
Figure 1 shows the authentication process flow. Figure 2 shows the functional components of both the circuit breaker and the activation fixture. Figure 3 shows the functional components of the authentication server.
Embodiment / Example
With reference to Figure 1, this diagram illustrates the authentication process flow between the four components involved in the authentication process.
With reference to Figure 2 and Figure 3, the preferred embodiment comprises a device 100, a fixture 108 and an authentication server 110.
The device requiring authentication 100 must at least have an indicator or processing means 101, a non volatile read only memory 102 in which parts of the memory cannot be directly accessed from outside the device 100, a first part decryption function 103 which can be implemented as an integrated circuit, and a communications interface 104.
The fixture 108 comprises at least a communications interface 105 for connecting to the device requiring authentication, a second part decryption function 106 and a public network interface 107.
The authentication server 110 comprises at least a public network interface 111, a request manager 112, a database 113 containing serial numbers and related device numbers, a first part encryption process 115 and a second part encryption process 114.
The communications link between the device 100 and the fixture 108 is typically a low data rate asynchronous communications bus which transmits data in short packets and command messages between the fixture and the device. The protocol operating on this bus could be SPI, I2C, IrDA or some other specific protocol. The bus would typically be galvanically isolated, and the physical interface between the device and the fixture 108 could be via an optical coupling means.
The data link between the public network interfaces 107 and 111 would typically be an internet interface connected using Ethernet and TCP/IP as the transmission protocol.
Figure 1 describes the flow for the authentication process. Once the device 100 is attached to the fixture 108, the activation sequence can be started by either the device itself 100 or the fixture 108. The serial number stored in the device memory 102 is transmitted via the communications interface 104 to the fixture 108. The fixture then packs the serial number with customer related data and sends it to the authentication server 110.
The authentication server receives the data and looks up the device in the database using the serial number as a reference key. Each device record contains the unique device number; this is then encrypted to generate the meta number, which in turn is encrypted again for transmission via a public network. In the fixture the encrypted authorization code is received via the public network interface 107 and the 2nd part decryption takes place to leave the 1st part encrypted data. The 2nd part decryption process is implemented either as a software algorithm or as an integrated circuit within the fixture 108.
The first part encrypted authorization code is transmitted to the device via the communications interface 105. The device 100 receives the first part encrypted meta number and decrypts this to reveal the meta number. This first part decryption process is implemented either as a software algorithm or as an integrated circuit within the device 100.
The decoded device number is validated against the device number using a suitable comparison process. Upon validation the indicator or CPU 101 either indicates that the device has been validated or activates some or all of the functions of device 100.
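The activation exchange described above, as an added Python example that is not part of the patent text. It assumes a stand-in stream cipher built from HMAC-SHA256 in place of the unspecified first and second part algorithms, a per-device key held in the server database, a transport key shared by server and fixture, and a per-message nonce; all class, function and serial number names are hypothetical.

```python
import hashlib
import hmac
import secrets


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (NOT AES): XOR data with an HMAC-SHA256 keystream."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))


class Device:
    """Switchgear device 100: serial is readable, number and key are not."""
    def __init__(self, serial: str, device_number: str, key: bytes):
        self.serial = serial
        self._device_number = device_number.encode()  # protected memory 102
        self._key = key                               # protected memory 102
        self.activated = False

    def receive_meta(self, meta: bytes) -> bool:
        # First part decryption 103, then constant-time comparison.
        decoded = stream_xor(self._key, self.serial.encode(), meta)
        self.activated = hmac.compare_digest(decoded, self._device_number)
        return self.activated


class AuthServer:
    """Authentication server 110; database 113 is keyed by serial number."""
    def __init__(self, transport_key: bytes):
        self.transport_key = transport_key
        self.db = {}        # serial -> (device number, per-device key)
        self.requests = []  # (serial, customer) feedback to the manufacturer

    def enrol(self, serial: str) -> Device:
        # Manufacture: random 16-digit device number and key, stored in both places.
        number = "".join(secrets.choice("0123456789") for _ in range(16))
        key = secrets.token_bytes(32)
        self.db[serial] = (number, key)
        return Device(serial, number, key)

    def handle_request(self, serial: str, customer: str):
        self.requests.append((serial, customer))
        if serial not in self.db:
            return None  # unknown serial: no authentication code is issued
        number, key = self.db[serial]
        meta = stream_xor(key, serial.encode(), number.encode())    # first part 115
        nonce = secrets.token_bytes(16)                             # fresh per message
        return nonce + stream_xor(self.transport_key, nonce, meta)  # second part 114


def fixture_activate(device: Device, server: AuthServer, transport_key: bytes,
                     customer: str) -> bool:
    """Fixture 108: forwards the serial, strips only the second part encoding."""
    blob = server.handle_request(device.serial, customer)
    if blob is None:
        return False
    meta = stream_xor(transport_key, blob[:16], blob[16:])  # second part 106
    return device.receive_meta(meta)


def demo():
    transport_key = secrets.token_bytes(32)
    server = AuthServer(transport_key)
    genuine = server.enrol("SN-0001")  # constructed serial number
    # Constructed copy: serial duplicated, protected number and key unknown.
    copy = Device("SN-0001", "0" * 16, secrets.token_bytes(32))
    return (fixture_activate(genuine, server, transport_key, "installer A"),
            fixture_activate(copy, server, transport_key, "installer B"))
```

In the demo the copied serial number still obtains a response from the server, but the copy cannot decode it to a matching number because the device number and key never leave protected memory.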
Claims (11)
- 1. A method of device activation incorporating a switchgear device 100 having an indicator or processing means 101 a non volatile read only memory 102 in which parts of the memory cannot be directly accessed from outside the device 100 incorporating a method of remote activation when used in conjunction with an external fixture 108 to enable said device 100 identification data to be transacted between the said device 100 and a remote authentication server 110 which validates the identity of the said device 100 and transmits a meta number to the device 100 which in turn decodes said meta number and activates the said device 100 if found to be valid.
- 2. A device according to claim 1 incorporating a first part decryption function 103.
- 3. A device according to claim 2 which may be implemented as an integrated circuit.
- 4. A device according to claim 1 incorporating communications interface 104.
- 5. A Fixture according to claim 1 comprises a communications interface 105, a second part decryption function 106 and a public network interface 107.
- 6. An Authentication server according to claim 1 comprises a public network interface 111 a request manager 112, database 113, first part encryption process 115 and second part encryption process 114.
- 7. A communications interface according to claim 4 characterized by a low data rate asynchronous communications bus which transmits data in short packets and command messages between the fixture 108 and the device 100.
- 8. A communications interface according to claim 4 further characterized by a galvanically isolated physical interface between the device 100 and the fixture 108.
- 9. A public network interface according to claim 4 using TCP/IP as the transmission protocol.
- 10. An Authentication server according to claim 6 characterized by a method using the device 100 serial number as a reference key to look up the device record containing the unique device number which is then encrypted to generate the meta number which in turn is encrypted again for transmission via the public network interface.
- 11. A device according to claim 1 characterized by a comparison algorithm that compares the unique number stored within the device's memory and the received decoded meta number.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0914491A GB2472814A (en) | 2009-08-19 | 2009-08-19 | Authentication and activation of a switchgear device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0914491A GB2472814A (en) | 2009-08-19 | 2009-08-19 | Authentication and activation of a switchgear device |
Publications (2)
Publication Number | Publication Date |
---|---|
GB0914491D0 GB0914491D0 (en) | 2009-09-30 |
GB2472814A GB2472814A (en) | 2011-02-23 |
Family
ID=41171608
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB0914491A Withdrawn GB2472814A (en) | 2009-08-19 | 2009-08-19 | Authentication and activation of a switchgear device |
Country Status (1)
Country | Link |
---|---|
GB (1) | GB2472814A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102332750A (en) * | 2011-05-31 | 2012-01-25 | 镇江泰丰电工设备制造有限公司 | Intelligent high-voltage switch cabinet |
CN105576605A (en) * | 2016-03-08 | 2016-05-11 | 杭州青橄榄网络技术有限公司 | Dormitory high-power equipment management method and controller |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030151491A1 (en) * | 2000-04-19 | 2003-08-14 | Fabrice Martin | Method and device for monitoring enablement of an electrical apparatus connected to a power grid |
WO2008095894A1 (en) * | 2007-02-05 | 2008-08-14 | Siemens Aktiengesellschaft | Energy distribution device, particularly low-voltage energy distribution device, and method for authenticating an energy distribution device |
-
2009
- 2009-08-19 GB GB0914491A patent/GB2472814A/en not_active Withdrawn
Also Published As
Publication number | Publication date |
---|---|
GB0914491D0 (en) | 2009-09-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20160277933A1 (en) | Secure Data Communication system between IoT smart devices and a Network gateway under Internet of Thing environment | |
RU2321179C2 (en) | Method for protected transmission of data between two devices | |
JP4954628B2 (en) | Authentication device, authenticator and authentication method using true random number generator or pseudorandom number generator | |
US7879111B2 (en) | System and method for RFID transfer of MAC, keys | |
EP0912919B1 (en) | Immobilisation protection system for electronic components and method therefor | |
US20120078798A1 (en) | Systems and methods for transmitting financial account information | |
JP2009524165A (en) | Network security system and method | |
JP2005518041A (en) | Methods and configurations for protecting software | |
US20150222426A1 (en) | Method and System for Transferring Firmware or Software to a Plurality of Devices | |
CN1913427A (en) | System and method for encrypted smart card PIN entry | |
WO2003021406A2 (en) | Data storage device security method and apparatus | |
WO2003015340A1 (en) | A method for processing information in an electronic device, a system, an electronic device and a processing block | |
KR20170093847A (en) | Device keys protection | |
KR20100071209A (en) | Verification of device using device tag | |
CN112187714A (en) | Device control method, device and computer readable medium | |
WO2008021581A2 (en) | Secure electronic transaction system | |
US20150334095A1 (en) | System and method for securing data exchanges, portable user object and remote device for downloading data | |
FR2808149A1 (en) | Monitoring activation of electrical device connected to power grid, uses comparison of enabling code sent from monitoring station with code held in device | |
US9536116B2 (en) | Active component embedded in cable | |
US20080307499A1 (en) | Upgradable Security Module | |
US20070143607A1 (en) | Electronic device enabling hardware and methods | |
US7233920B1 (en) | System and apparatus for credit transaction data transmission | |
GB2472814A (en) | Authentication and activation of a switchgear device | |
CN104350756A (en) | Security device for pay-tv receiver decoder | |
JPH1020778A (en) | Encoding device, decoding device and ic card |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WAP | Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1) |